Privacy Policy

Effective Date: February 7, 2026

Last Updated: February 7, 2026

This Privacy Policy describes how Cenoa Payment ("Cenoa", "we", "us", "our") collects, uses, shares, and safeguards information when you use our products, websites, and APIs (the "Services").

About This Privacy Policy

Cenoa Payment provides borderless payment infrastructure to individuals, freelancers, and merchants. Payment processing on the platform is performed by our regulated payment partner, and certain account, balance, and ledger services may be performed by additional regulated partners listed in our public documentation.

This Privacy Policy applies to information we control as a data controller. Where our payment processor acts as an independent controller for your payment data (for example, card details you provide directly to its hosted card field), that processor's privacy policy governs that processing in addition to ours. We do not store full card numbers on our servers.

Information We Collect

We collect information you provide directly, information generated through your use of the Services, and information received from partners and verification providers. The categories below summarize what we collect and why.

Account & Identity Information

When you sign up, we collect your name, email address, username, password (stored as a one-way hash), and account type (personal or merchant). For verified accounts, we additionally collect government-issued identifiers, date of birth, address, and a selfie image used for identity verification through our KYC partner.

Legal Basis: Performance of contract; compliance with anti-money-laundering, KYC, and tax reporting laws.

Financial Information

We collect financial account details required to fund or receive payments, including bank account numbers, routing numbers, IBANs, debit/credit card metadata (last four digits, brand, expiry), wallet addresses, and tax identification numbers where required. Sensitive card data is tokenized by our payment processor and never stored in plain text on Cenoa systems.

Legal Basis: Performance of contract; legal obligation.

Transaction Information

We collect details of every transaction processed through the Services, including amount, currency, counterparty, memo, timestamp, FX rate applied, fees, IP address, and device fingerprint. This information is used for ledgering, reconciliation, fraud detection, and regulatory reporting.

Legal Basis: Performance of contract; legal obligation; legitimate interests in fraud prevention.

Usage & Device Information

We automatically collect log data, browser type, operating system, language, referrer URL, pages viewed, click events, crash reports, and approximate location derived from IP. We use cookies and similar technologies as described in our Cookie Policy.

Legal Basis: Legitimate interests in operating, securing, and improving the Services.

Support & Communications

When you contact us by email, chat, or our contact form, we collect your message, attachments, contact details, and metadata about the support session. We may record customer support calls where permitted by law and where you have been notified.

Legal Basis: Legitimate interests in providing support; consent where required.

Children's Data

The Services are not directed to children under 18 (or the higher minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it promptly.

How We Use Your Information

We use the information we collect to operate, maintain, and improve the Services; to process payments and settle funds; to verify identity and prevent fraud, money laundering, terrorist financing, and other illegal activity; to comply with legal and regulatory obligations; to send you transactional notifications and important account alerts; and, where you have opted in, to send you marketing communications.

We also use aggregated and de-identified data for analytics, research, model training for fraud detection, and product development. Aggregated data does not identify you individually and is not subject to this Privacy Policy.

How We Share Your Information

We share information with: (a) our regulated payment and financial partners required to provide the Services; (b) identity verification, sanctions screening, and fraud prevention vendors; (c) cloud infrastructure and analytics providers acting as our processors; (d) professional advisors such as auditors and lawyers; (e) authorities and other parties when required by law, court order, or to protect rights, property, or safety; and (f) parties involved in a corporate transaction such as a merger, acquisition, or sale of assets.

We do not sell personal information for monetary consideration.

Data Retention

We retain personal information for as long as needed to provide the Services and to satisfy legal, accounting, tax, and regulatory requirements. Transaction and KYC records are typically retained for at least five years after account closure, in line with global anti-money-laundering rules. Marketing data is retained until you withdraw consent.

Your Rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to our processing of your personal data, to data portability, and to withdraw consent. EEA, UK, and Swiss residents may lodge a complaint with their local data protection authority. California residents have rights under the CCPA/CPRA, including the right to opt out of sharing for cross-context behavioral advertising. To exercise any of these rights, contact us at the address below; we will verify your identity before responding.

International Data Transfers

We operate globally. Your personal information may be transferred to, stored in, and processed in countries other than your own, including the United States. Where required, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms.

Security

We employ administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest, hardware-backed key management, role-based access controls, multi-factor authentication for staff, network segmentation, continuous monitoring, and regular third-party penetration testing. No system is perfectly secure; we ask you to safeguard your account credentials and to enable two-factor authentication.

Updates to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by an in-product notice. The "Last Updated" date at the top of this page reflects the most recent revision.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact our Data Protection Officer at privacy@cenoapayments.com or write to us at Cenoa Payment, Attn: Privacy, 1 Market Street, Suite 100, San Francisco, CA 94105, United States.

Questions? Email legal@cenoapayments.com.